Questions tagged [clickjacking]

Clickjacking is a malicious technique of tricking a Web user into clicking on something different from what the user perceives they are clicking on.

Clickjacking (User Interface redress attack, UI redress attack, UI redressing) can lead users to reveal confidential information or give up control of their computer while clicking on seemingly innocuous web pages.

It is a browser security issue that affects a variety of browsers and platforms. A clickjack takes the form of embedded code or a script that can execute without the user's knowledge, for example when the user clicks a button that appears to perform another function.

Clickjacking is possible because seemingly harmless features of HTML web pages can be employed to perform unexpected actions.


132 questions
84 votes, 3 answers

X-Frame-Options: ALLOW-FROM in Firefox and Chrome

I'm implementing a "pass-through" for X-Frame-Options to let a partner site wrap my employer's site in an iframe, as per this article: http://blogs.msdn.com/b/ieinternals/archive/2010/03/30/combating-clickjacking-with-x-frame-options.aspx (splitting…
Rob
43 votes, 6 answers

X-Frame-Options on Apache

I am trying to allow some particular domain to access my site via iframe:

    Header set X-Frame-Options ALLOW-FROM https://www.example.com

I know this could be done by adding the line above to the config of the Apache server. Two questions here. Which config…
user1619397
39 votes, 2 answers

How to Prevent our website from Clickjacking in ASP.NET C#?

I have a dynamic website which I have to make secure from clickjacking attacks. In the database I am getting these types of values. While searching I got to know a little more about clickjacking, but I am not getting what exactly it is, so please, anyone who knows, help me…
shashank
26 votes, 3 answers

Is it Meaningful to Add 'x-frame-options' in a RESTful API

We are developing a RESTful API that fulfils some various events. We have done a Nessus vulnerability scan to see security leaks. It turned out that we have some leaks that lead to clickjacking and we have found the solution. I have added…
Uğurcan Şengit
18 votes, 6 answers

How to protect widgets from forged requests

Let's say you have a JavaScript widget which needs to fire off a request to your web application if and only if the user wants to click on it. You don't want this request to be vulnerable to CSRF so you write an iframe to the page. Based on the…
rook
15 votes, 3 answers

Allow Web Page To Be Rendered Inside HTML Frame

I have two web applications: web application (web-app) and report web. I want to embed report web in web-app in a